The flaws are in steps 2 and 3. First off, step 2 takes a ton of work and maybe you screw it up. Then, more importantly, WTF leaves their phone behind when they go to the restroom? Personally, I like to put my wallet, car keys, AND phone on the bar and leave them behind just to demonstrate my faith in humanity,

I understand step 2 is not easy... but apparently doable (we'll see whether it's fake and/or difficult soon I hope). People go online to do complex tasks (like fixit.com etc.) and with a definite step-by-step approach, I'm sure people will try it.

Regarding 'WTF leaves their phone behind when they go to the restroom'.... if you're at dinner with your wife, it looks weird that you take your phone when you go to the restroom when she's there at the table. I think most people at some point, leave their phone somewhere - especially after a few drinks. Work is another obvious place - at your desk, etc. Anyway it happens.

Anyone with a level head probably realized the TouchID system would be defeated in quick order. That said, it still may still prove to be an effective deterrent for crimes of opportunity (which I'd imagine most phone thefts are). Only time will tell.

I assumed the NSA cracked it first but time will never tell that story.

Haha, what tool you are. Typical Apple apologist. Grow a pair and start thinking for yourself otherwise leave. You see, other phones like the Lumia 920 or GS4 would allow you to use your phone with your gloves on. How any fool wouldn't welcome this feature says a lot for their inability to think logically. But hey, keep fighting the good fight. Denial is a helluva drug.

Getting a little feisty? Where in my post did I mention that I wouldn't welcome this feature? Where did I specifically say that? Spinning your agenda again?

I would welcome anything that makes my life easier. Who wouldn't? However, the difference between you and me is that my expectations are in what most of us call "reality". The tech is not here now in a reliable fashion, I accept it, I move on. Perhaps the day will arrive, perhaps not. I don't dwell on it. You apparently do. I have more important things in my life to concentrate on than bitching about why I have to spend 5 seconds to take my gloves off. It's a TOUCH phone. Blame Apple because it's easy for people like you, instead of blaming the glove manufacturers.

This tech is a first-step to other things. It will mature. What will most likely happen is Apple will kickstart it, make it mainstream, the competition copies it and suddenly trolls like you will make it sound like Apple had nothing to do with it, or it was the "obvious" thing to do.

I'm a fully independent thinker, and not some delusional fanboy that apologizes for Apple. I have my gripes with that company. You have zero clue who I am or what I do. What's really sad is someone like you who thinks has a pair, when in reality you're just swinging raisins from the comfort of your keyboard.

From the publicly available information on Authentec's E-field scanning I would have to conclude that you have misunderstood the technology. If it works as presented then it is actually measuring electrical equipotentials between a conductive reference plane in the sensor and the RF-modulated non-planar (3-D) conductive target surface - the moist subdermal skin layer. As such it differs from regular capacitative scanning in that it does not even see the (relatively) non-conductive surface skin layer or the air gaps between ridges. To fool it would necessitate the creation of a conductive 3-D replica of the fingerprint, not just a 2-D image. I can't see any part of the asserted hack that satisfies that requirement, so it will be interesting to see if this proves to be real.

Yes, this is the part that confused me. Given the way the touch id is supposed to work then I'm not sure how that can produce a successful reading, unless the part about reading the subdermal layer is simply to ensure that the finger is alive.

While I'm sure that CCC is not making this up, I'm not that sure how relevant it is.

To begin with, the equipment and effort required is beyond just about every casual out most iPhone users will ever encounter.

Secondly, this experiment suffers from the same problem that most of the these sensationalist demonstrations seem to exhibit: It relies on conditions that have to be rigged to work, assumptions on user behaviour, and no consideration to what happens after the exploit has been executed.

Lifting a fingerprint from a glass or a window is great, but I'm not sure how many thieves are going to be following a user around to take his fingerprint. Lifting it from a stolen phone? I'd be surprised if you could lift a clean fingerprint from the button of any iPhone; the home button sees a lot of action, and any print on it will be pretty messy. Could you lift a good one from the case? Possibly, though lots of fingerprints will overlap, others will be smudged through use and riding around in pockets. Still, that is possible.

The experiment didn't state how long this whole process took. Judging from the write-up, I think someone would have ample time to wipe the phone before it could be cracked.

It also seems that a lot of folk are gleefully clapping their hands screaming, "Apple failz!" – but I'm not sure they have just yet. Seems to me that they have cautiously released this into the wild, limiting what you can do with it. I guess folk could buy stuff from the Apple Store, but as far as I can tell, you still need to use your AppleId and password to change delivery addresses or make any other changes to the account that would be useful to a thief.

Chances are Apple will be looking carefully at this experiment and seeing how it plays out in the real world, and at the same time they'll be thinking about how to make it secure enough for online shopping without making the whole thing so inconvenient that folk won't want to use it. Perhaps they could require a second finger-print for monetary transactions: read finger1 and finger2 with no more than a two second gap.

Haha, what tool you are. Typical Apple apologist. Grow a pair and start thinking for yourself otherwise leave. You see, other phones like the Lumia 920 or GS4 would allow you to use your phone with your gloves on.

Or rather than getting an inferior phone, I could just buy a different pair of gloves:

Cracked within a couple of days! This is not good for Apple, basically they've been promoting a security technology that it turns out, isn't all that secure! Their finger-print sensor now is nothing more than a convenient way for unlocking an iPhone. I really hope they can fix it (doubtful) because the haters are going to be all over this. This is something they should of looked into before purchasing AuthenTec in the first place. I remember at the time it was a rather rushed purchase - they maybe paying the price for that now. I wonder how Apple's damage control is going to handle this?

Ah well, if you want to increase the difficulty to get your fingerprint, just use a left-hand finger if you are right-handed (and visa-versa) to unlock your iPhone.
And/or use your pinky with your iPhone and start drinking your beer like a snob with your pinky in the air ...

Omg not you too, macRUMORS posted this very misleading vid..,and you have a very misleading headline stating "established" when this is only a CLAIM, and, especially, very sketchy, not confirmed. You are adding credibility to a fear tactic. I'm about to dump all these crappy Mac forums, need to find one that doesn't post stupid crap like this just to get hits on your website. Ugh.

iOS 7's new Activation Lockout feature invalidates this B.S., if it were valid to begin with.

That $365,000,000 was rather a waste of money. I thought Apple would do something clever with the technology; such as the user having to tap in a pattern of four (or so) different prints in a sequence of their choosing which would result in a far more complex (and secure) lock.

This isn´t pin vs. fingerprint though, as everyone is discussing. It´s password vs. fingerprint, as password is what I use to buy iTunes content with. Hopefully Apple can tweak it so it isn´t easily lifted, or they will have failure on their hands. Had high hopes for TouchID for future payment systems, this just cracked a huge hole in it.

To begin with, the equipment and effort required is beyond just about every casual out most iPhone users will ever encounter.

Any scanner will do 2400x4800 scanning, and most laser printers can do 1200 dpi printing. That leaves the transparent laser printer media which I still have (used for the old-fashioned overhead-projector) and the woodglue. So no special equipment needed.

Note : They state a 2400dpi photograph, not scan... Don't know if that makes a difference.

This isn´t pin vs. fingerprint though, as everyone is discussing. It´s password vs. fingerprint, as password is what I use to buy iTunes content with. Hopefully Apple can tweak it so it isn´t easily lifted, or they will have failure on their hands. Had high hopes for TouchID for future payment systems, this just cracked a huge hole in it.

No.

For approximately half of all iPhone users this is nothing versus authentication which is a vast improvement.

Apple could quickly and easily improve security for mobile payments and likely will.

What i'm interested to know is whether a simple finger print lift from daily items that the user gets in contact with, provides enough data to create the 3D latex fingerprint copy

Exactly! I doubt that very much. So if... and if at all, any of this claim is remotely true, this is a very valid point. Whenever I see some fingerprints on any surface, they tend to be smeared and after a lot of photoshopping, they would need to be run against a FP database to be verified and only after positive match you might have some confidence to have obtained a valid fingerprint. But what if the owner used the pinky to unlock his device (as some people here already suggested)? All that hell of a trouble for nothing.

So much to the title "Apple's iTouchID already bypassed.....".

Totally crap.

Anyhow apart from elevated security I am more exited about the advanced ease of use this feature implements into iOS7.

Now if someone steals my iPhone he would have to come back to get my fingerprint. Come on! of course he was able to crack it. He had all the time in the world to get the mold of his own finger. If someone steals your iPhone, he won't be able to unlock it unless he has a high resolution image of your fingerprint, and how the heck is he going to get it?

That $365,000,000 was rather a waste of money. I thought Apple would do something clever with the technology; such as the user having to tap in a pattern of four (or so) different prints in a sequence of their choosing which would result in a far more complex (and secure) lock.

P.s. If they didn't patent this idea I'm releasing it for free.

This is a funny Idea with the 4 prints in a case where there is high security required. But to simply unlock my iPhone in a most convenient way one simple print is more secure than enough. It is certainly more secure then what 95% of iPhone users do right now.

As said previously the TouchID compliments and doesn't fully replace authentication on the iPhone.

Could someone take the time to go through and hack a computer? Sure... Could someone take the time to brute force a simple 10 character passcode on your iPhone? Yep.

A simple analogy to put in retrospect - putting a lock on your house's front door. Could someone pick the lock? Maybe. Could I easily break a window on the side of the house or kick down the door and come right in? Yea. It's another layer of security that deters theft. Just like what the TouchID is doing.

I don't understand why people are getting so heated on this. Any phone can be hacked one way or another if you have the right resources available. I don't see many folks going out and spending the time to rig up such a mock up unless they are determined thief or hacker.

Care to provide a link where Apple claims this? As far as I know this nonsense was pulled out of some anonymous ass.

The technology within Touch ID is some of the most advanced hardware and software we've put in any device. To fit within the Home button, the Touch ID sensor is only 170 microns thin, not much thicker than a human hair. This high-resolution 500 ppi sensor can read extremely fine details of your fingerprint. The button itself is made from sapphire crystal—one of the clearest, hardest materials available. This protects the sensor and acts as a lens to precisely focus it on your finger. The steel ring surrounding the button detects your finger and tells Touch ID to start reading your fingerprint. The sensor uses advanced capacitive touch to take a high-resolution image from small sections of your fingerprint from the subepidermal layers of your skin. Touch ID then intelligently analyzes this information with a remarkable degree of detail and precision. It categorizes your fingerprint as one of three basic types—arch, loop, or whorl. It also maps out individual details in the ridges that are smaller than the human eye can see and even inspects minor variations in ridge direction caused by pores and edge structures. Touch ID can even read multiple fingerprints, and it can read fingerprints in 360-degrees of orientation. It then creates a mathematical representation of your fingerprint and compares this to your enrolled fingerprint data to identify a match and unlock your iPhone. Touch ID will incrementally add new sections of your fingerprint to your enrolled fingerprint data to improve matching accuracy over time. Touch ID uses all of this to provide an accurate match and a very high level of security.

Give me a break. If someone wants my content that badly then go for it. It is very unlikely for this to really happen to the average Joe. If you have stuff that is so important that they would go to this length to get at it then a 4 digit pin is not adequate either.

Even though I am not an expert on security I have to believe that this is still more secure than other options available today for the mass market.

There's an obvious missing element from the video: where did they get the fingerprint that was used to create the synthetic fake? The insinuation is that this could be done using fingerprints from the phone's touch surface, but my guess is that smudging and incomplete prints would make finding a complete print a low probability. Also, it would require the fingerprint that unlocks the phone to come from hand that the user operates the touch screen with...which means the user could easily defeat the hack by locking the phone with a finger from the hand that they don't touch the screen with.

Use Ctrl+F (Windows) or Option/Alt + F (Mac) to search on the website and paste/write "subepidermal" and you'll find that Apple states this in the "About Touch ID security" text... What this VIDEO doesn't show, is that the "hacker group" hasn't scanned the finger beforehand, which quashes this claim (for now).

The idea of security is discourage break ins, not prevent them. The crackers just don't see how much work they went through, especially forgetting the odds of getting a good print. They've made a press release for the press.

This doesn't seem realistic, and the print capture is staged (and not shown).

There are several conveniently placed, well defined full finger prints visible on the glass of the phone in the video. I'm assuming that these were used as the source of the print. After all an iPhone thief would not likely have anything other than the phone to work from.

I could not replicate this level of print quality without purposely pressing my finger on the glass. After normal use, I had a partial prints that looked nothing like the ones shown here. Most of the normal prints were obscured by smudges as a result of moving my fingers.

This video show that it is possible to hack the sensor, but it hardly seem probable without an extremely clean source print. As others have mentioned, I'd like to see someone using this technique with a print from a real-world device.

Without doing anything out of the ordinary, look at your phone right now. Does it have a print that looks usable for a hack?

This is stupid - as others have said, the average criminal who steals your phone on the street, on the train, or picks it up if you lay it down - they will not have access to any of this and likely not have the know how. If a bunch of thieves hijack a shipment of phones, then this can come into play, but the street criminal - no. And even if they do, by time you hop on a computer to swipe it and use Find iPhone to have the police locate it, it's all for naught. This is a non-issue for 99% of the people out there.

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can?t change and that you leave everywhere every day as a security token", said CCC spokesman Frank Rieger. "The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access."

Morons. I suppose we should all start taking DNA samples of everyone we meet to make sure they're not impostors because their faces don't change and they're "left around everywhere they go" filmed by all the cameras everywhere.